J Gupta

Janis Kazakovs wrote:Btw, in case of JSF, an action listener could be an alternative to servlet filter to perform authentication.

Right off the bat, that's what I was looking for

Thanks a lot, I wish you a happy new year

Rahul, Thanks for asking
If I was implementing Front controller I could have added a Filter for authentication, I was wondering if there a standard practice for separating authentication concern in your design

Can some one point me design patterns for user authentication in JSF ?

I believe there has to be some specification on how you connect to it. .

Why do you care if it has RDBMS or not, when you have use the system as black box

Seems like a webservice is a good candidate to talk to this system if it will let you

1. Usually in a real world enviornment you do not need to, your webserver is in DMZ and app server is in inner firewall. I believe it is fair to assume that whoever is in your company network is not trying to break in
2. In my opinion declarative J2EE roles based security is practical, since your app server is in inner firewall you do not worry about requests coming from internet directly to your app server
3. Security context can be propagated to you app server from web server

Has anyone used noFun profile for representing the NFRs in the system ? I am trying to find a best way to represent my system confirms to the NFRs.

I understand we can use standard design/architectural patterns to provide QoS and in a real life project you go through Performance Testing to check how your code/configuration performs agains NFRs,

But is it enough just to make use of design patterns and clustering etc and have design assumptions

After I click verify the dialog says there are 2 elements that failed verification. I can not find which elements have failed there is nothing in output box

Appreciate any feedback

My assignment has some entities in BDM that does not have any reference in Use Cases provided. Can we just create the entities in class diagram and leave as it is ? I feel that I can fulfil business requirements without doing anything with those enties

What do you guys think.

James Owen wrote:...

I think 15 minutes are for the survey

J Gupta wrote:

Celinio Fernandes wrote:congratulations !

1) what percentage of questions did you get on design patterns ? on security ?

2) did you get questions on EJB version 2 ?

3) did you use any mock software ?

Thanks
1) Sorry don't remember the percentage was but there were a lot, if you planning to skip pattern, I believe you need to think twice. In my opinion a good grasp on both J2EE and GoF patterns are must. Some questions were really simple and some questions were really really tough

2) They don't expect you to remember API I believe

3) I purchased Sun's mock questions, just to test waters

Rahul Mishra wrote:Also talk about the references you used for understanding JCA, SOA using JEE architecuture.. elaborate on your prep material please..

and congratulations..one down..two to go..

I did not go much deep in JCA, apart from understanding what it does and what scenario it can be applied

Not sure what you mean by SOA using J2EE, but you need to understand concepts of JMS and JAX-WS

I read MZ's notes, GoF patterns from Wikipedia, Two SCEA books, I skipped chapters which are not relevant any more. The EJB3.0 book from Sun. Parts of Sun's Java 5 tutorial.

if you can grasp MZ notes on pattern directly then good but I started with Core J2EE patterns

Celinio Fernandes wrote:congratulations !

1) what percentage of questions did you get on design patterns ? on security ?

2) did you get questions on EJB version 2 ?

3) did you use any mock software ?

Thanks
1) Sorry don't remember the percentage was but there were a lot, if you planning to skip pattern, I believe you need to think twice. In my opinion a good grasp on both J2EE and GoF patterns are must. Some questions were really simple and some questions were really really tough

2) They don't expect you to remember API I believe

3) No - Sorry I take that back, I did

deepak adlakha wrote:Congarts

Can you please share what kind of questions one can expect for web technologies. I assume there wont direct API questions correct me if i am wrong. But one must know what all about web technologies from exam point of view?

There was no API question that was asked. The questions were mostly what technology (JSP, JSF, Servlet, Tag library, Expression) you would use in what scenario.

Could not stop myself writing this. I am glad to share the news that I passed part 1.

There are really nice people here providing critical feedback and advice for passing the exam, Hats off to them

My word of advise for exam - Apart from all the studies you do, You need to apply common sense and don't freak out reading lengthy and boring description of the question

Hi,
I am not sure I am getting this right, but following I how I understand most of the websites operate. Can you guys please validate if I am wrong somewhere


1.A merchant generates a pair of private and public key
2.The Merchant sends the public key to CA in order to sign
3.CA after verification provides a digital certificate to merchant ( via email)
4.The Merchant install digital certificate, public key and private key in the http:// (HTTP over SSL) web application. Assumed merchant�s private is kept secure
5.A buyer points their browser to merchant�s secure web app and get merchants public key
6.The browser at buyer machine validates merchant�s digital certificate using CA public key , if there is an issue with certificate it warn user, issues could be such as certificate expired or could not be validated etc
7.The browser encrypts a symmetric key using merchant�s public key
8.Merchant decrypts buyers symmetric key using its private key
9.Merchant and buyer are communicating securely using this symmetric key exchanged